Mar2006 08

{mosimage}After, ZDNet's much publicised accusation that OS X was hacked in 30 minutes (the machine was hacked because local accounts were given out), the University of Wisconsin threw down a real challenge.

"The testing period is now closed and the response has been very strong.

  • Traffic to the host spiked at over 30 Mbps.
  • Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
  • The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
  • The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
  • There were no successful access attempts during the 38 hour duration of the test period.

The Next Day ...

  • The site received almost a half a million requests via the web.
  • There were over 4000 login attempts via ssh.
  • The ipfw log grew at 40MB/hour and contains 6 million events logged.
  • More test results and information will be published here at a future date."

Unfortunately, the University had to take it down, as it wasn't a Uni sanctioned activity.

blog comments powered by Disqus